Linked by Eugenia Loli-Queru on Sun 27th Nov 2005 22:10 UTC
This chapter covers the iptables firewall administration program used to build a Netfilter firewall. For those of you who are familiar with or accustomed to the older ipfwadm and ipchains programs used with the IPFW technology, iptables will look very similar to those programs. However, it is much more feature-rich and flexible, and it is very different on subtle levels.
Thread beginning with comment 65612
RE: PF vs IPTables
by on Mon 28th Nov 2005 01:50 UTC in reply to "PF vs IPTables"

I'd love to see more than anecdotal evidence suggesting iptables is faster than PF. There was a paper _years_ ago that compared iptables, ipfilter and PF; at the time, iptables was marginally faster because it wasn't tracking states properly.

I don't see any advantage to the netfilter modules, with the possible exception of L7 filtering. There is a built-in ftp proxy, QoS support (for VoIP), and IPsec filtering native to PF. Not to mention a lot of other features that Linux/iptables can't touch... pfsync (stateful synchronization), sasyncd (IPsec SA synchronization), etc.

-jd


RE[2]: PF vs IPTables
by on Mon 28th Nov 2005 11:58 in reply to "RE: PF vs IPTables"
OpenBSD is about security over anything else, so a slight performance loss for more security features is to be expected.

I don't mind using either IPTables or PF. They do the job I need them to do.
